FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
14ad2a28-66d2-11dc-b25f-02e0185f8d72konquerer -- address bar spoofing

The KDE development team reports:

The Konqueror address bar is vulnerable to spoofing attacks that are based on embedding white spaces in the url. In addition the address bar could be tricked to show an URL which it is intending to visit for a short amount of time instead of the current URL.


Discovery 2007-09-14
Entry 2007-09-19
kdebase
< 3.5.7_3

kdelibs
< 3.5.7_2

CVE-2007-3820
CVE-2007-4224
CVE-2007-4225
http://www.kde.org/info/security/advisory-20070914-1.txt
2e116ba5-f7c3-11d9-928e-000b5d7e6dd5kdebase -- Kate backup file permission leak

A KDE Security Advisory explains:

Kate / Kwrite create a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set.

Depending on the system security settings, backup files might be readable by other users. Kate / Kwrite are network transparent applications and therefore this vulnerability might not be restricted to local users.


Discovery 2005-07-18
Entry 2005-07-18
Modified 2005-10-09
kdebase
ge 3.2.0 lt 3.4.1

linux_base-suse
ge 9.3 lt 9.3_2

CVE-2005-1920
https://bugs.kde.org/show_bug.cgi?id=103331
http://www.kde.org/info/security/advisory-20050718-1.txt
3987c5d1-47a9-11df-a0d5-0016d32f24fbKDM -- local privilege escalation vulnerability

KDE Security Advisory reports:

KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. A local attacker with a valid local account can under certain circumstances make use of this vulnerability to execute arbitrary code as root.


Discovery 2010-04-13
Entry 2010-04-14
Modified 2010-04-14
kdebase
le 3.5.10_6

kdebase-workspace
le 4.3.5_1

CVE-2010-0436
http://www.kde.org/info/security/advisory-20100413-1.txt
4593cb09-4c81-11d9-983e-000c6e8f12efkonqueror -- Password Disclosure for SMB Shares

When browsing SMB shares with Konqueror, shares with authentication show up with hidden password in the browser bar. It is possible to store the URL as a shortcut on the desktop where the password is then available in plain text.


Discovery 2004-10-06
Entry 2004-12-12
Modified 2005-01-13
kdebase
kdelibs
ge 3.2.0 le 3.3.1

CVE-2004-1171
305294
http://www.kde.org/info/security/advisory-20041209-1.txt
http://marc.theaimsgroup.com/?l=bugtraq&m=110178786809694
641859e8-eca1-11d8-b913-000c41e2cdadMutiple browser frame injection vulnerability

A class of bugs affecting many web browsers in the same way was discovered. A Secunia advisory reports:

The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window.

Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.

A KDE Security Advisory reports:

A malicious website could abuse Konqueror to insert its own frames into the page of an otherwise trusted website. As a result the user may unknowingly send confidential information intended for the trusted website to the malicious website.

Secunia has provided a demonstration of the vulnerability at http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/.


Discovery 2004-08-11
Entry 2004-08-12
Modified 2004-09-14
kdelibs
< 3.2.3_3

kdebase
< 3.2.3_1

linux-opera
opera
ge 7.50 lt 7.52

firefox
< 0.9

linux-mozilla
linux-mozilla-devel
mozilla-gtk1
< 1.7

mozilla
< 1.7,2

netscape7
< 7.2

CVE-2004-0717
CVE-2004-0718
CVE-2004-0721
http://secunia.com/advisories/11978/
http://bugzilla.mozilla.org/show_bug.cgi?id=246448
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-htmlframes.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdebase-htmlframes.patch
b0911985-6e2a-11d9-9557-000a95bc6faeweb browsers -- window injection vulnerabilities

A Secunia Research advisory reports:

Secunia Research has reported a vulnerability in multiple browsers, which can be exploited by malicious people to spoof the content of websites.

The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.

Secunia has constructed a test, which can be used to check if your browser is affected by this issue: http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

A workaround for Mozilla-based browsers is available.


Discovery 2004-12-08
Entry 2005-01-24
Modified 2005-02-26
firefox
< 1.0.1,1

mozilla
< 1.7.6,2

linux-mozilla
linux-mozilla-devel
< 1.7.6

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
de-netscape7
fr-netscape7
ja-netscape7
netscape7
pt_BR-netscape7
mozilla-gtk1
ge 0

de-linux-netscape
fr-linux-netscape
ja-linux-netscape
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
ge 0

kdebase
kdelibs
< 3.3.2

opera
opera-devel
linux-opera
< 7.54.20050131

http://secunia.com/secunia_research/2004-13/advisory/
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
CVE-2004-1156
http://secunia.com/advisories/13129/
https://bugzilla.mozilla.org/show_bug.cgi?id=273699
https://bugzilla.mozilla.org/show_bug.cgi?id=103638
http://mozillanews.org/?article_date=2004-12-08+06-48-46
CVE-2004-1157
http://secunia.com/advisories/13253/
CVE-2004-1158
http://secunia.com/advisories/13254/
http://www.kde.org/info/security/advisory-20041213-1.txt
CVE-2004-1160
http://secunia.com/advisories/13402/